Merge pull request #1179 from activerecord-hackery/security

scarroll32 · web-flow · commit 00a8e0527326 · 2020-12-02T17:17:14.000+01:00
Move security contact information to SECURITY.md
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,12 @@
+# Security Policy
+
+## Supported Versions
+
+At the moment, only the latest major.minor release stream is supported with
+security updates.
+
+## Reporting a Vulnerability
+
+Please use the Tidelift security contact to [report a security
+vulnerability](https://tidelift.com/security).  Tidelift will coordinate the fix
+and disclosure.
diff --git a/README.md b/README.md
@@ -891,12 +891,6 @@ both in the same application. If both are present, Ransack will default to
 Active Record only. The logic is contained in
 `Ransack::Adapters#instantiate_object_mapper` should you need to override it.
 
-## Security contact information
-
-Please use the Tidelift security contact to [report a security
-vulnerability](https://tidelift.com/security).  Tidelift will coordinate the fix
-and disclosure.
-
 ## Semantic Versioning
 
 Ransack attempts to follow semantic versioning in the format of `x.y.z`, where:
